Overview

Out-of-Path with WCCP : Overview

Overview

In this scenario, the Silver Peak appliances are not connected in the direct path of the network traffic. As a result, a network traffic redirection technique is used to forward traffic to the appliance.

Web Cache Coordination Protocol (WCCP) supports the redirection of any TCP or UDP connections to appliances participating in WCCP Service Groups. The appliance intercepts only those packets that have been redirected to it. The appliance accelerates traffic flows that the Route Policy directs to a tunnel; all other traffic passes through the appliance unmodified.

In the unlikely event that the appliance fails, WCCP on the WAN router removes the appliance from the WCCP Service Group and resumes forwarding traffic normally, according to its routing tables.

At Site A, both the router and the participating appliance require a separate WCCP service group for each protocol used in the tunnel. So, if a tunnel uses both TCP and UDP, you must create a separate WCCP Service Group for each protocol (TCP and UDP) used in the A-to-B tunnel.

Network Diagram

Out-of-Path Deployment: Silver Peak Appliance peered with an L3 router using WCCP

The Silver Peak appliances optimize traffic to/from 172.60.10.0/24 and 172.80.10.0/24.

Note You don’t need a spare router port for this configuration. The Silver Peak appliance can be connected to an existing LAN segment and be multiple hops away.

Summary

Appliance Placement

Appliance attached in network, reachable by WAN router

•

Appliance wan0 interface connects to network

•

Do not connect lan0 interface

Fail-Safe Behavior

WCCP recognizes failed appliance

•

Appliance removed from WCCP v2 Service Group

•

WAN router resumes forwarding traffic normally according to its routing tables

IP Addresses

This deployment model requires two IP addresses (on the same or separate subnets)

•

Silver Peak Appliance IP Address (to originate and terminate tunnels)

•

Silver Peak Management IP Address (for appliance configuration and management)

Configure WCCP on the Silver Peak appliance and the WAN router

•

Configure two WCCP v2 Service Groups on the Silver Peak appliance
(one for TCP and one for UDP)

•

Configure two WCCP v2 Service Groups on the WAN router
(one for TCP and one for UDP)

Fail-Safe Behavior

Fail-safe behavior should always be tested before production deployment by ensuring that traffic continues to flow in each of the following cases:

1

With the appliance in “bypass” state

2

With the appliance powered off

3

With the tunnels administratively “down”.

Summary of Configuration Tasks

Task

Notes

For detailed instructions, see...

1

Cable the appliances into the network

Connect each appliance’s wan0 interface to the network, reachable by the WAN router. Do not cable anything to an appliance’s lan0 interface.

Silver Peak NX Series Appliances Operator’s Guide

2

Configure the Site A router

Access the Site A router’s command line interface (CLI) to:

•

Configure an Access Control List (ACL) that redirects all traffic from the Site A subnet to the Site B subnet

•

Configure two WCCP Service Groups — one for UDP, one for TCP

•

Associate the ACL with the Service Group

•

Enable WCCP on the appropriate router interface

“Configuring the Site A Router for WCCP”.

3

Configure Site A’s appliance for out-of-path deployment¹

Access the Initial Config Wizard to assign Appliance IP and Management IP addresses for Site A’s appliance.

Reboot the appliance.

“Using the Initial Config Wizard with Site A’s Appliance”.

4

Verify appliance connectivity

Ensure that the cable connections are sound and you haven’t misconfigured any IP addresses.

Do NOT proceed until you have verified connectivity.

“Verifying Connectivity for Site A’s Appliance”.

5

Configure the WCCP Service Groups on Site A’s appliance

Create one for UDP and one for TCP.

“Configuring WCCP on Site A’s Appliance”.

6

Create a tunnel and Route Policy on Site A’s appliance

Use the Appliance Manager.

“Configuring Site A’s Appliance: Tunnel and Route Policy”.

11

Configure Site B’s appliance for in-line deployment²

Run the Initial Config Wizard to set up Site B’s Silver Peak appliance in Bridge mode.

Reboot the appliance.

“Using the Initial Config Wizard with Site B’s Appliance”.

12

Verify appliance connectivity

Use this to ensure that the cable connections are sound and you haven’t misconfigured any IP addresses.

Do NOT proceed until you have verified connectivity.

“Verifying Connectivity for Site B’s Appliance”.

13

Create a tunnel and Route Policy on Site B’s appliance

Use the Appliance Manager.

“Configuring Site B’s Appliance: Tunnel and Route Policy”.

14

Verify tunnel status

To allow traffic to start flowing, admin up the tunnels on all sides.

“Verifying Tunnel Status”.

15

Test each tunnel from both ends

Verify the tunnel status and ensure that you’re able to access hosts through the tunnel.

“Verifying Connectivity for Tunnel and Pass-Through Traffic”.

“Verifying Connectivity after Configuring Deployment”.

1

IMPORTANT: The Appliance Next Hop IP Address must be the IP address of the WAN edge router. This may or may not be the same as the Management Interface Next Hop IP Address for hosts on the LAN side of your network. If in doubt, check with your network administrator.

2

IMPORTANT: The Appliance Next Hop IP Address must be the IP address of the WAN edge router. This may or may not be the same as the Management Interface Next Hop IP Address for hosts on the LAN side of your network. If in doubt, check with your network administrator.

Collecting the Necessary Information

The example makes the following assumptions:

n

You’re not using DHCP.

n

Speed and duplex for all interfaces are left at the default, auto-negotiation.

Table 5‑1 Out-of-Path Deployment: Silver Peak Appliance peered with an L3 router using WCCP

Field

Example’s Values

Your Data

Default Hostname

silverpeak-f12345

silverpeak-876af3

Hostname
[limited to maximum of 24 characters]

Site A

Site B

Mode

Router

Bridge

Router

Bridge

Admin Password (optional)

Old

admin

admin

New / Confirm

mgmt0

IP Address / Netmask

172.60.10.100/24

172.80.10.100/24

Next-hop IP Address ¹

172.60.10.1

172.80.10.1

Appliance IP

Appliance IP / Netmask

172.70.10.101/24

172.80.10.101/24

Next-hop IP ²

172.70.10.1

172.80.10.1

LAN Next-hop IP (optional)

not applicable

---

not applicable

1

In the example, Site B’s appliance and mgmt0 are both on the same subnet, so their Next-hop IP addresses are the same. It is not a requirement that they be on the same subnet.

2

In the example, Site B’s appliance and mgmt0 are both on the same subnet, so their Next-hop IP addresses are the same. It is not a requirement that they be on the same subnet.

Field	Example’s Values	Your Data
Default Hostname	silverpeak-f12345	silverpeak-876af3
Hostname [limited to maximum of 24 characters]	Site A	Site B
Mode	Router	Bridge	Router	Bridge
Admin Password (optional)
Old	admin	admin
New / Confirm
mgmt0
IP Address / Netmask	172.60.10.100/24	172.80.10.100/24
Next-hop IP Address ¹	172.60.10.1	172.80.10.1
Appliance IP
Appliance IP / Netmask	172.70.10.101/24	172.80.10.101/24
Next-hop IP ²	172.70.10.1	172.80.10.1
LAN Next-hop IP (optional)	not applicable	---	not applicable

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.